what are the benefits of using HTTP authentication with PHP (HTTP 401 headers)
instead of using a normal form submit authentication??
what are the benefits of using HTTP authentication with PHP (HTTP 401 headers) instead
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
what are the benefits of using HTTP authentication with PHP (HTTP 401 headers)
instead of using a normal form submit authentication??
From security perspective, both the form based and HTTP Basic Access Authentication use plain text for sending the authentication data. (Sure, HTTP Basic Auth additionally uses Base64, but that’s no hitch.)
While HTTP Basic Auth sends the authentication data on every request, the form based authentication only sends the authentication data when the form is sent (remember: both in plain text). Commonly sessions are used to maintain the state when using form based authentication.
So if you want to use one of these, be sure to encrypt your connection using HTTPS to prevent sniffing and man-in-the-middle attacks. And when you choose the form and session based variant, be sure to secure your session handling too to prevent or at least detect session frauds like Session Hijacking and Session Fixation.
The last variant is HTTP Digest Access Authentication. The main difference between this and Basic is, that Digest is a challenge-response authentication whereas the client has to fulfill a challenge on every request and the response is just a MD5 hash. So no authentication data in plain text is being send.